Overview

Our objective here is to set up Elasticsearch, Logstash, and Kibana to consume pfSense 2.3 syslog feeds from the different modules so that we can create pretty graphs and operational dashboards.

Installation

The first thing you want to do is install Java. Elasticsearch and Logstash both run JRuby, which is a Java variant of Ruby. Kibana runs Node.js.

Make sure your system is up to date: sudo apt update && sudo apt upgrade -y

Configure Kibana

Edit the following lines in your /opt/kibana/config/kibana.yml file to look like:

# Kibana is served by a back end server. This controls which port to use.
server.port: 5601
# The host to bind the server to.
server.host: "X.X.X.X"
# The Elasticsearch instance to use for all your queries.
elasticsearch.url: "http://localhost:9200"

Create Index in Kibana

Browse to http://X.X.X.X:5601

Settings Page -> Indices -> Add New

[Screenshot: Kibana pfSense New Index]

Now you can search, create visualizations, and build dashboards from those visualizations!

If anyone has any cool looking pfSense dashboards for 2.3 let me know, I’d like to post some examples.

6 comments

You should be able to consume the syslog data. I am not sure if the logstash patterns would apply, though; if they are different, making custom patterns for the same output should not be too much hassle once you get the hang of logstash pattern mapping.
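The comment above points at the core of the Logstash work: every pfSense module logs a different message body, and filterlog in particular is a comma-separated record whose trailing fields depend on IP version and protocol. As an added example (not code from the post or its author), the Python below does what a custom Logstash pattern set has to do: split the RFC 3164 envelope (program name and optional pid) from the message, then unpack filterlog records by IP version and protocol, and finally count blocked flows per source and destination port, which is the kind of figure a dashboard panel would show. The filterlog field layout is assumed from the pfSense 2.2+ filterlog documentation rather than taken from this page, and the sample lines are constructed.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# RFC 3164 style line as pfSense sends it over UDP syslog:
#   <PRI>Mon DD HH:MM:SS host program[pid]: message
SYSLOG_RE = re.compile(
    r"^(?:<(?P<pri>\d+)>)?"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s"
    r"(?P<program>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:\s"
    r"(?P<message>.*)$"
)

# Field layout assumed from the pfSense 2.2+ filterlog format (assumption, not from the post).
COMMON = ["rule", "subrule", "anchor", "tracker", "interface", "reason", "action", "direction", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id", "proto", "length", "src", "dst"]
IPV6 = ["class", "flow_label", "hop_limit", "proto", "proto_id", "length", "src", "dst"]
TCP = ["src_port", "dst_port", "data_len", "tcp_flags", "seq", "ack", "window", "urg", "options"]
UDP = ["src_port", "dst_port", "data_len"]

# Constructed sample lines (not captured from a real firewall); addresses use documentation ranges.
SAMPLE_LINES = [
    "<134>Apr 10 13:01:00 pfsense filterlog: 5,16777216,,1000000103,em0,match,block,in,4,0x0,,128,26218,0,none,17,udp,78,192.168.1.100,192.168.1.255,137,137,58",
    "<134>Apr 10 13:01:02 pfsense filterlog: 91,,,1482101116,em1,match,pass,out,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.50,203.0.113.10,51234,443,0,S,1234567890,,65535,,mss;sackOK;TS;nop;wscale",
    "<30>Apr 10 13:01:05 pfsense dhcpd: DHCPACK on 192.168.1.100 to aa:bb:cc:dd:ee:ff via em1",
    "<29>Apr 10 13:01:07 pfsense openvpn[1234]: TLS Error: TLS key negotiation failed to occur within 60 seconds",
]


def parse_syslog_line(line: str) -> Optional[Dict[str, str]]:
    """Split the syslog envelope from the module message; None if the line is not syslog-shaped."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def parse_filterlog(message: str) -> Dict[str, str]:
    """Unpack a filterlog CSV record, choosing the IP and protocol field sets from the record itself."""
    parts = message.split(",")
    out: Dict[str, str] = dict(zip(COMMON, parts))
    rest = parts[len(COMMON):]

    ip_fields = IPV6 if out.get("ipver") == "6" else IPV4
    out.update(zip(ip_fields, rest))
    rest = rest[len(ip_fields):]

    proto = out.get("proto", "").lower()
    if proto == "tcp":
        out.update(zip(TCP, rest))
    elif proto == "udp":
        out.update(zip(UDP, rest))
    else:
        # ICMP/other: keep the protocol-specific tail intact for a later pattern to handle.
        out["extra"] = ",".join(rest)
    return out


def summarize_blocks(lines: List[str]) -> Counter:
    """Count blocked flows by (source address, protocol, destination port)."""
    hits: Counter = Counter()
    for line in lines:
        rec = parse_syslog_line(line)
        if not rec or rec["program"] != "filterlog":
            continue
        fl = parse_filterlog(rec["message"])
        if fl.get("action") != "block":
            continue
        hits[(fl.get("src"), fl.get("proto"), fl.get("dst_port"))] += 1
    return hits


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = parse_syslog_line(line)
        if rec and rec["program"] == "filterlog":
            print(rec["program"], parse_filterlog(rec["message"]))
        elif rec:
            print(rec["program"], rec.get("pid"), rec["message"])
    print("blocked:", dict(summarize_blocks(SAMPLE_LINES)))
```

The program name from the envelope is what decides which pattern to apply, so in Logstash this is the same shape as a first grok for the syslog header followed by a conditional on the program field; the field lists above are the names a custom filterlog pattern would need to emit.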